The GSMA has released a list of mobile operators that have agree to implement its IoT Security Guidelines saying these guidelines “outline best practice and recommendations for IoT security for the entire IoT ecosystem and set out a comprehensive security assessment scheme to help ensure IoT services are protected against IoT security risks.”
It has named these operators as: China Mobile, China Telecom, China Unicom, Deutsche Telekom, Etisalat, KDDI, LG Uplus, Orange, Telefónica, Telenor Group, Telia, Turkcell, Vodafone Group and Zain.
GSMA CTO Alex Sinclair said the guidelines encouraged the industry to adopt a robust set of best practices that would help create a more secure IoT market with trusted, reliable services that could scale as the market grows.
GSMA says guidelines are targeted at IoT service providers, device manufacturers, developers and mobile operators and “provide best practice for the secure end-to-end design, development and deployment of IoT solutions across industries and services [address] typical cybersecurity and data privacy issues associated with IoT services and outline a step-by-step process to securely launch solutions to market.”
They are supported by an IoT Security Assessment scheme that, GSMA says “provides a checklist to support the secure launch of IoT solutions into the market and keep them secure throughout their lifecycles thereby creating a sustainable IoT ecosystem that is designed for end-to-end security.
Both the GSMA IoT Security Guidelines and IoT Security Assessment also cover LTE-M and NB-IoT.
The GSMA IoT Security Guidelines:
– Include 85 detailed recommendations for the secure design, development and deployment of IoT services
– Cover networks as well as service and endpoint ecosystems
– Address security challenges, attack models and risk assessments
– Provide several worked examples
The GSMA IoT Security Assessment:
– Is based on a structured approach and concise security controls
– Covers the whole ecosystem
– Can fit into a supply chain model
– Provides a flexible framework that addresses the diversity of the IoT market
The complete set of the currently comprises
– IoT Security Guidelines Overview Document
– IoT Security Guidelines for Network Operators
– IoT Security Guidelines Endpoint Ecosystem
– IoT Security Guidelines for IoT Service Ecosystem
As at 19 July 2018, all documents are Version 2.0, 31 October 2017.
